<?php

/*
    + We now can connect to different databases. MySQL is no more the only option!
    + Security is given by named parameters, escaped for us by PDO!
    + Prepared statements make our queries easier to reuse!
    + Exceptions are used, we can now catch them!
    - Queries are still performed in the SQL dialect of the vendor, which could make our code not 100% portable.
    - Still have to keep track of identifiers of the inserted fields by ourselves.
*/

try {
	$dbh = new PDO('mysql:host=localhost;dbname=test', 'user', 'password');

	//simple example
	$sth = $dbh->prepare('INSERT INTO greetings (content) VALUES (:content)');
	$sth->execute(array(':content' => $_POST['content']));

	//comments example
	$sth = $dbh->prepare('INSERT INTO users (username) VALUES (:username)');
	$sth->execute(array(':username' => $_POST['username']));
	$sth = $dbh->prepare('INSERT INTO comments (user_id, content) VALUES (:user_id, :content)');
	$sth->execute(array(':user_id' => $dbh->lastInsertId(), ':content' => $_POST['content']));
} catch (PDOException $e) {
	echo $e->getMessage();
}